
AshleyMartin (Microsoft)
Sep 14, 2021

New Blog Post | Azure Sentinel Information Model Fall Release: Speed and Ease

Azure Sentinel Information Model Fall Release: Speed and Ease - Microsoft Tech Community

The first schema to use parametrized parsers is the DNS schema. DNS is a high-volume source, and using optimized parsers enables the new normalized Threat Intelligence Analytics Rules (Domains, IPs) to match your TI to even the highest volume of DNS data. And with out-of-the-box optimized parsers for a wide variety of DNS servers and clients, including Windows DNS Server, InfoBlox, Cisco Umbrella, Corelight Zeek, Google Cloud DNS, and Sysmon, you get this detection across much more of your data. 


Join us to learn more about parametrized parsers in our upcoming webinar “Turbocharging ASIM: Making Sure Normalization Helps Performance Rather Than Impacting It” on Oct 6th. Register, as usual on

